old virus, how to remove sedoparking redirect

Discussion in 'Windows XP Help and Support' started by denrecnoc, Apr 16, 2014.

  1. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Appears to be an older bot, that effects Java scripts from any browser.

    A website, www.sedoparking.com redirects a java scripted web paged to another page requesting a renewal.

    Appears to be a fairly common virus that has been around for several years. However Malwarebytes is unable to detect and Superadminspyware's trial period has ended.

    Does anyone know of any freeware or trial-ware program available that can easily detect and quarantine this particular virus bot or provide information where to locate for removal?
     
    Last edited: Apr 16, 2014
    denrecnoc, Apr 16, 2014
    #1
    1. Advertisements

  2. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    if you are still infected or think you might be, I can send you to the malware removal forum at Geeks to Go, I am not authorized to analyze logs here.

    http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/

    read the pinned notices first before posting. the volunteers here know what programs to download and all are free and reliable.
     
    Elizabeth23, Apr 16, 2014
    #2
    1. Advertisements

  3. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Ok, thanks ... I don't believe I am infected from past problems. I think this may be something recent either with my LAN or the WLAN. Possibly something involved with effecting a DNS and the SAT modem.

    My Internet connection requires connection through a Sat dish , a sat modem then a couple of routers that create a WLAN (wireless lan) with WiFI clients.

    The IP address I am trying to access is the systemcontrolcenter for the SAT modem which is tied into the SAT Internet network. (Hughesnet)

    All their SAT customer LANs have a sat modem with a 192.168.0.1 IP address. (www.systemcontrolcenter.com) that displays modem and sat connection information.

    So far the redirect only occurs when trying to access www.systemcontrolcenter.com (using the ip address, 192.168.0.1 there is no redirect but the sat modems webpage fails to load).

    I am trying to determine if the problem exists on my LAN the WLAN, or the SAT modem's LAN. I tried a second PC that has not been used for a week or so and the same problem occurs. I was able to access the systemcontrolcenter in the AM ... the problem started to occurred sometime yesterday afternoon ( PM).

    Sat modem LAN > WLAN > LAN (for my PC)
     
    Last edited: Apr 16, 2014
    denrecnoc, Apr 16, 2014
    #3
  4. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    any redirect should be investigated, I urge you to have your pc cleaned.

    as for
    I could google for some ideas, but since I do not use wifi or a satellite connection, I would have no personal experience with these issues.
     
    Elizabeth23, Apr 16, 2014
    #4
  5. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Searching the Internet produces some information about this problem, referencing sedoparking.com all the way back to 2006. None appear to be WiFi or Sat related.

    I think the problem may be a simple one, such as modifying the DNS.

    However, after googling and searching some of the malware forums. I haven't been able to find any definite answers or details.
     
    denrecnoc, Apr 16, 2014
    #5
  6. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    After cleaning the original PC the popup stopped, however the ip & url are unreachable.

    From a Vista laptop that's been in storage for over a month, rarely used. 192.168.0.1. (www.systemcontrolcenter.com) are also unreachable. (with or without the firewall enabled)

    The problem seems to be the DNS for accessing the ip address is somehow being blocked outside the PCs LAN.

    I will need to try accessing the modem directly and from other parts of the LAN and WLAN to see what other hardware is being effected.
     
    denrecnoc, Apr 17, 2014
    #6
  7. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    when I try to go to that website, I get a blank page, and it would be blocked by my anivirus if it is malware related.

    can you get other sites ok??

    just this one is bad??
     
    Elizabeth23, Apr 17, 2014
    #7
  8. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Here is source for the blocking / redirected webpage ..

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="utf-8">
    <style type="text/css">
    html, body, #partner, iframe {
    height:100%;
    width:100%;
    margin:0;
    padding:0;
    border:0;
    outline:0;
    font-size:100%;
    vertical-align:baseline;
    background:transparent;
    }
    body {
    overflow:hidden;
    }
    </style>
    <meta content="NOW" name="expires">
    <meta content="index, follow, all" name="GOOGLEBOT">
    <meta content="index, follow, all" name="robots">
    <!-- Following Meta-Tag fixes scaling-issues on mobile devices -->
    <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">
    </head>
    <body>
    <div id="partner"></div>

    <script language="JavaScript">
    <!--

    function SymError()
    {
    return true;
    }

    window.onerror = SymError;

    var SymRealWinOpen = window.open;

    function SymWinOpen(url, name, attributes)
    {
    return (new Object());
    }

    window.open = SymWinOpen;

    //-->
    </script>

    <script type="text/javascript">
    document.write(
    '<script type="text/javascript" language="JavaScript"'
    + 'src="//sedoparking.com/frmpark/'
    + window.location.host + '/'
    + 'sedonewreg'
    + '/park.js">'
    + '<\/script>'
    );
    </script>
    </body>
    </html>

    <script language="JavaScript">
    <!--
    var SymRealOnLoad;
    var SymRealOnUnload;

    function SymOnUnload()
    {
    window.open = SymWinOpen;
    if(SymRealOnUnload != null)
    SymRealOnUnload();
    }

    function SymOnLoad()
    {
    if(SymRealOnLoad != null)
    SymRealOnLoad();
    window.open = SymRealWinOpen;
    SymRealOnUnload = window.onunload;
    window.onunload = SymOnUnload;
    }

    SymRealOnLoad = window.onload;
    window.onload = SymOnLoad;

    //-->
    </script>
     
    denrecnoc, Apr 17, 2014
    #8
  9. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    I am able to get to other sites ok, its seems to be only the url / ip address for the sat modem.

    Anyone outside the modems LAN on the Internet should not be able to connect. Only those on the LAN or WLAN.

    The ip/url address is similar to a router's firmware on a LAN, only sat modems are also connected to Hughesnet and/or their NOCs. Its basically an address to provide limited information for the sat user, such as download allowances and conditions of the sat connection.
     
    Last edited: Apr 17, 2014
    denrecnoc, Apr 17, 2014
    #9
  10. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    Have you contacted your isp provider??

    it seems that this should come under their service.
     
    Elizabeth23, Apr 17, 2014
    #10
  11. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Well yes and no, an ISP might open a case, after going through various testing procedures, and find their hardware or software " may " somehow be faulty. Even if you have evidence to the contrary or of a known problem, they usually are required to perform their own testing procedures.

    Most service contracts only cover only up to your modem. If a service call is required, anything after your modem the customer is usually required to pay for the service call or have some sort of additional insurance or maintenance contract.
     
    Last edited: Apr 17, 2014
    denrecnoc, Apr 17, 2014
    #11
  12. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    Elizabeth23, Apr 17, 2014
    #12
  13. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    Elizabeth23, Apr 17, 2014
    #13
  14. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Ok, thanks for the links.

    I am looking around for another firewall and antivirus to replace my old outdated ones.

    Microsoft Security Essentials now displays a warning that MS no longer supports Windows XP.

    ____

    Yes I think this ISP does offer some technical advice, however there are several levels of tech support.

    Initially there is aa overseas tech support number for basic tech support, that is based in countries such as India for example. This tech support normally will have you perform various types of basic tests such as modem resets, power on / off, etc. no matter what problem you have. This technical support is suppose to provide another technical support number (based in the US) if their tech support is unable to resolve any basic technical issues.

    There is also is a community forum which offers support for some types of technical issues, from the ISPs personal and other ISP users. The forum's technical support personal will follow up on certain issues only if you have a technical support case number, which is only provided by the US based tech support.

    ___

    I will need to first test connections outside my wireless LAN to try and determine what part of the network the problem actually exists.
     
    Last edited: Apr 17, 2014
    denrecnoc, Apr 17, 2014
    #14
  15. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    Okay, and if you find a solution, please post it for anyone else who may have the same issue. Thanks, sorry I could not be very helpful
     
    Elizabeth23, Apr 17, 2014
    #15
  16. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    After uninstalling the old firewall and antivirus, I installed 360 and it seems to be working ok. However there is no firewall. What do you use for a firewall when using 360?
     
    denrecnoc, Apr 18, 2014
    #16
  17. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    I use windows built in firewall
     
    Elizabeth23, Apr 18, 2014
    #17
  18. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    I guess that works ok. I was running a Symantec Firewall along with the Windows built-in Firewall.

    On another machine I was thinking of installing Avast?

    So you run both the Windows Firewall and Avast on the same PC?
     
    denrecnoc, Apr 18, 2014
    #18
  19. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,580
    Likes Received:
    552
    Location:
    Florida
    yes because the free avast does not come with a firewall. xp's firewall is enough along with a good antivirus. :)

    you should only have one firewall, if you use other than windows, you should disable windows firewall.
     
    Elizabeth23, Apr 18, 2014
    #19
  20. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0

    Ok, well perhaps a re-install of the outdated Symantec Firewall, then disabling the Windows Firewall would be a better option. Symantec (a business edition) has many other configurations options, privacy settings, ad blockers, etc. when compared to the Windows Firewall.

    I did download a free Comodo firewall, I am wondering how this firewall compares either the outdated Symantec and Windows Firewalls.
     
    denrecnoc, Apr 18, 2014
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.